Tuesday, 23 April 2019

WindowsFormsProtector2, software to protect source code in .NET

Compared to WindowsFormsProtector, WindowsFormsProtector2 adds the option to read the password used to encrypt and decrypt your executable from a pendrive. The password must be written on the first line of a text file that you create for this purpose with Notepad, starting from the top left corner. To use this feature, click the "Get password from pendrive" button. The password can be entered partly with the "virtual" keyboard and partly from the file on the pendrive, which makes it more difficult for someone to obtain the "overall" password. In the test-release phase, once the password has been read you can remove the pendrive using "safe removal".

For the features of the program and how to use it, you can read the post https://gianmarcocastagna.blogspot.com/2019/04/protect-source-code-in-net.html .
The software is under the "New BSD" license; to download the sources, go to https://sourceforge.net/projects/windowsformsprotector2/



Protect source code in .net

In this post you will find a procedure to add some protection to the C# source of your Windows Forms applications. Under certain conditions the application renders both decompilers and de-obfuscators useless and protects the non-obfuscated source code.

A possible scenario: we have an executable that others need to test but that we do not want to sell for the moment. We can encrypt the executable, go to the test machine with the encrypted exe and the software to decrypt it, enter the password to decrypt it, and load it into memory.

Proceed as follows using the WinFormsProtector software:
  1) Select the executable file to be protected (with the "choose executable to encrypt" button), choose the password, and press the "choose path file to encrypt" button to choose the path where the file will be saved. Then create the encrypted file by pressing the "encrypt file into path" button; the file created is called "encryptedExe.encrypt".
  2) Install WinFormsProtector on the test machine on which the encrypted file above will be loaded.
  3) Enter the password used to encrypt the file.
  4) Select the file to be decrypted by pressing the "choose file to decrypt" button.
  5) Press the "decrypt file, load in ram and run" button.



We then load the file into memory, where we decrypt and execute it. In practice we load the Assembly in this way:

Assembly assembly1 = Assembly.Load(exe);

where exe is the array of bytes that makes up the executable.
In this way the file we intend to protect never exists in the clear as a file on the machine; it exists only encrypted or in memory.
In the executable file to be protected (the called exe) it is necessary to modify Main in this way:
in practice, add a Start() method that shows the first Form of your application.

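using System;
using System.Windows.Forms;

namespace Ethical_Hacking
{
    static class Program
    {
        [STAThread]
        static void Main()
        {
            Application.EnableVisualStyles();
            Application.SetCompatibleTextRenderingDefault(false);
            Start();
        }

        // Entry point invoked through reflection by the calling exe;
        // it must be public and static so that GetMethod can find it.
        public static void Start()
        {
            Form1 f = new Form1();   // first Form of the application
            f.ShowDialog();
        }
    }
}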

In the calling exe we will have:

using System.Linq;
using System.Reflection;

// exe is the decrypted executable as a byte array, held only in memory
Assembly assembly1 = Assembly.Load(exe);
var programType1 = assembly1.GetTypes().FirstOrDefault(c => c.Name == "Program");
MethodInfo method1 = programType1.GetMethod("Start", BindingFlags.Public | BindingFlags.Static);
method1.Invoke(null, new object[] { });

That is, the Start() method is invoked.
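The post does not say how the password is turned into a key or how the decrypted bytes are checked before Assembly.Load runs them. The following is an added example, not code from WindowsFormsProtector: it shows one way to do password-based encryption of the exe with an integrity check, so that a wrong password or a modified "encryptedExe.encrypt" is rejected before anything is loaded. The class name ProtectedBlob, the blob layout, and the choice of PBKDF2-HMAC-SHA256, AES-256-CBC and HMAC-SHA256 are assumptions; it needs .NET Framework 4.7.2 or later.

```csharp
using System.Linq;
using System.Security.Cryptography;

static class ProtectedBlob   // hypothetical helper, not part of WindowsFormsProtector
{
    const int SaltLen = 16, IvLen = 16, TagLen = 32, Iterations = 200000;

    // PBKDF2 output: bytes 0-31 are the AES-256 key, bytes 32-63 the HMAC-SHA256 key.
    static byte[] DeriveKeys(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(64);
    }

    // Blob layout (assumed for this example): salt | iv | ciphertext | tag
    public static byte[] Encrypt(byte[] exe, string password)
    {
        byte[] salt = new byte[SaltLen], iv = new byte[IvLen];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(salt); rng.GetBytes(iv); }
        byte[] keys = DeriveKeys(password, salt);
        using (var aes = Aes.Create())               // defaults: CBC mode, PKCS7 padding
        using (var enc = aes.CreateEncryptor(keys.Take(32).ToArray(), iv))
        using (var mac = new HMACSHA256(keys.Skip(32).ToArray()))
        {
            byte[] body = salt.Concat(iv).Concat(enc.TransformFinalBlock(exe, 0, exe.Length)).ToArray();
            return body.Concat(mac.ComputeHash(body)).ToArray();   // tag covers salt, iv and ciphertext
        }
    }

    // Returns the plaintext only if the tag verifies, so Assembly.Load never sees altered bytes.
    public static byte[] Decrypt(byte[] blob, string password)
    {
        if (blob.Length < SaltLen + IvLen + TagLen) throw new CryptographicException("Blob too short.");
        int bodyLen = blob.Length - TagLen, diff = 0;
        byte[] keys = DeriveKeys(password, blob.Take(SaltLen).ToArray());
        using (var mac = new HMACSHA256(keys.Skip(32).ToArray()))
        using (var aes = Aes.Create())
        using (var dec = aes.CreateDecryptor(keys.Take(32).ToArray(), blob.Skip(SaltLen).Take(IvLen).ToArray()))
        {
            byte[] expected = mac.ComputeHash(blob, 0, bodyLen);
            for (int i = 0; i < TagLen; i++) diff |= expected[i] ^ blob[bodyLen + i];   // constant-time compare
            if (diff != 0) throw new CryptographicException("Wrong password or modified file.");
            return dec.TransformFinalBlock(blob, SaltLen + IvLen, bodyLen - SaltLen - IvLen);
        }
    }

    // Round trip on constructed bytes standing in for the exe; prints the recovered length.
    static void Main() => System.Console.WriteLine(Decrypt(Encrypt(new byte[] { 0x4D, 0x5A }, "pw"), "pw").Length);
}
```

In the calling exe, the array returned by Decrypt is what would be passed to Assembly.Load(exe); a CryptographicException means nothing is loaded.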

If the exe file to be protected uses packages, you must add these packages to the calling project (executable). For example, if the program to be protected uses Newtonsoft.Json, the calling program must also have Newtonsoft.Json in its packages.

In the source code you will find two zipped projects, WindowsFormsProtector and Ethical_Hacking: the first is the calling exe, the second is the called exe (the protected one). The code and the installer are here: https://sourceforge.net/projects/winformsprotector/

Cryptography and WCF to securely pass a password (or any other string (XML, JSON, etc.)) from one application to another

The code that follows is to be considered alpha and should not be used in a production environment; here you can find the "project...